PT-2026-36415 · Linux · Linux Kernel

Published 2026-05-01 · Updated 2026-05-11 · CVE-2026-31780

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A heap buffer overflow occurs in the wilc1000 WiFi driver due to an integer overflow in the SSID scan buffer size calculation. The variable valuesize is declared as a u8 (an 8-bit unsigned integer), but it accumulates the total length of all SSIDs to scan. Since each SSID can contribute up to 33 bytes and there can be up to 10 SSIDs, the total can reach 330 bytes, which wraps around to 74 when stored in a u8. Consequently, kmalloc() allocates only 75 bytes, while a subsequent memcpy() operation writes up to 331 bytes, leading to a 256-byte overflow.

Recommendations

Update the Linux kernel to a version where the valuesize variable has been widened from u8 to u32 to accommodate the full range of the buffer size.
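
A user-space model of the size calculation described above, added here as an illustration; it is not the wilc1000 driver's code. The function names and the fixed 32-byte SSID lengths are constructed for the example, which compares the u8 accumulator with the widened u32 one and shows that the wrap first occurs at 8 maximum-length SSIDs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SSIDS    10  /* SSIDs per scan request, per the advisory */
#define MAX_SSID_LEN 32  /* plus 1 length byte = 33 bytes per SSID */

/* Allocation size with the u8 accumulator: the sum wraps modulo 256. */
static size_t alloc_size_u8(const uint8_t *len, size_t n)
{
    uint8_t valuesize = 0;
    for (size_t i = 0; i < n; i++)
        valuesize = (uint8_t)(valuesize + len[i] + 1);
    return (size_t)valuesize + 1;  /* +1 as in the 75-byte kmalloc() */
}

/* Allocation size with the accumulator widened to u32 (the fix). */
static size_t alloc_size_u32(const uint8_t *len, size_t n)
{
    uint32_t valuesize = 0;
    for (size_t i = 0; i < n; i++)
        valuesize += (uint32_t)len[i] + 1;
    return (size_t)valuesize + 1;
}

/* Bytes past the end of the buffer that the copy would write. */
static size_t overflow_bytes(size_t alloc, size_t needed)
{
    return needed > alloc ? needed - alloc : 0;
}

/* Constructed input: n SSIDs, each MAX_SSID_LEN bytes long. */
static size_t overflow_for(size_t n, int widened)
{
    uint8_t len[MAX_SSIDS];
    if (n > MAX_SSIDS)
        n = MAX_SSIDS;
    for (size_t i = 0; i < n; i++)
        len[i] = MAX_SSID_LEN;
    size_t needed = alloc_size_u32(len, n);  /* true requirement */
    size_t alloc = widened ? needed : alloc_size_u8(len, n);
    return overflow_bytes(alloc, needed);
}

int main(void)
{
    for (size_t n = 7; n <= MAX_SSIDS; n++)
        printf("%zu SSIDs: u8 overflow=%zu, u32 overflow=%zu\n",
               n, overflow_for(n, 0), overflow_for(n, 1));
    return 0;
}
```

Because the u8 sum loses whole multiples of 256, any shortfall is exactly 256 bytes for the request sizes the advisory describes.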

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-31780
ECHO-6161-7139-EE2F

Affected Products

Linux Kernel